MALICIOUS
Risk Score: 160
Malware Insights
MITRE ATT&CK
T1204 Malicious Link
T1566 Phishing
T1027 Obfuscated Files or Information
The PDF contains multiple embedded links, with one prominently identified as a malicious redirector. The document body, though heavily obfuscated, contains text related to 'windows 10 pro' and a URL that appears to be part of a lure. The heuristic 'SE_SECURITY_BYPASS' indicates the document instructs the user to disable security software, a common tactic in phishing and malware delivery. The primary malicious URL identified is https://ttraff.club/wix?keyword=94fbr+windows+10+pro.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Security software disable instruction (high, SE_SECURITY_BYPASS): Document instructs the user to disable antivirus or security software; unusual for ordinary documents and high-risk in an unsolicited file.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.club/wix?keyword=94fbr+windows+10+pro
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006775.bin (726f3a4801cd56ee83066cb9ff9f7091f1d0bf819a86786dc25e40630488cc91) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6775 | 5368 bytes |
| font_01_sfnt_off000079db.bin (5c05b94e8ac57008bc23d46b424246f1c4fdbe4cc2dbf96cc010f17dac0237bf) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x79DB | 10404 bytes |